WIP: feat(jenkins_inbound_agent): add ansible role for deployment with docker

roles/jenkins/handlers/default.yml

@@ -7,7 +7,7 @@
     comparisons:
       '*': "ignore"
   when:
+    - jenkins_state == 'present'
     - jenkins_deployment_method == 'docker'
-    - jenkins_container_state == 'started'
   listen: jenkins_restart
   ignore_errors: "{{ ansible_check_mode }}"

roles/jenkins_inbound_agent/defaults/main/container.yml

@@ -54,14 +54,12 @@ jenkins_agent_container_env: ~
 jenkins_agent_container_base_env:
   JENKINS_URL: "{{ jenkins_agent_server_url | ansible.builtin.mandatory }}"
   JENKINS_AGENT_NAME: "{{ jenkins_agent_name | ansible.builtin.mandatory }}"
-  JENKINS_AGENT_WORKDIR: "{{ jenkins_agent_work_dir | default('/home/jenkins/agent') }}"
+  JENKINS_AGENT_WORKDIR: "{{ jenkins_agent_work_dir | default('/tmp/jenkins') }}"
-  JENKINS_WEB_SOCKET: "true"
+  JENKINS_WEBSOCKET: "true"
   JENKINS_SECRET: "@{{ jenkins_agent_secret_file }}"
-jenkins_agent_container_all_env: >-2
+jenkins_agent_all_env: >-2
   {{ jenkins_agent_container_base_env
     | combine(jenkins_agent_container_env | default({}, true)) }}
-jenkins_agent_container_user: >-2
-  {{ jenkins_agent_user_uid }}:{{ jenkins_agent_user_gid }}
 jenkins_agent_container_ports: ~
 jenkins_agent_container_state: >-2
   {{ (jenkins_agent_state == 'present') | ternary('started', 'absent') }}
@@ -70,7 +68,6 @@ jenkins_agent_container_labels:
 jenkins_agent_container_networks: ~
 jenkins_agent_container_etc_hosts: ~
 jenkins_agent_container_base_volumes:
-  - "{{ jenkins_agent_passwd_shim_file }}:/etc/passwd:ro"
   - "{{ jenkins_agent_secret_file }}:{{ jenkins_agent_secret_file }}:ro"
 jenkins_agent_container_volumes: ~
 jenkins_agent_container_all_volumes: >-2

roles/jenkins_inbound_agent/defaults/main/main.yml

@@ -2,9 +2,6 @@
 jenkins_agent_user: "jenkins-agent"
 jenkins_agent_user_create_home: false
 jenkins_agent_user_is_system: false
-jenkins_agent_user_uid: "{{ jenkins_agent_user_info.uid }}"
-jenkins_agent_user_gid: "{{ jenkins_agent_user_info.group }}"
-
 jenkins_agent_version: "3283.v92c105e0f819-8"
 
 jenkins_agent_state: "present"
@@ -15,4 +12,3 @@ jenkins_agent_secret: ~
 jenkins_agent_server_url: ~
 
 jenkins_agent_secret_file: "/etc/jenkins/agent/{{ jenkins_agent_name }}.secret"
-jenkins_agent_passwd_shim_file: "/etc/jenkins/agent/{{ jenkins_agent_name }}-passwd"

roles/jenkins_inbound_agent/handlers/main.yml

@@ -1,13 +0,0 @@
----
-- name: Restart jenkins agent container '{{ jenkins_agent_container_name }}'
-  community.docker.docker_container:
-    name: "{{ jenkins_agent_container_name }}"
-    state: "started"
-    restart: true
-    comparisons:
-      '*': "ignore"
-  listen: jenkins_agent_restart
-  when:
-    - jenkins_deployment_method == 'docker'
-    - jenkins_agent_container_state == 'started'
-  ignore_errors: "{{ ansible_check_mode }}"

roles/jenkins_inbound_agent/tasks/deploy-docker.yml

@@ -14,24 +14,12 @@
     recurse: true
   when: jenkins_agent_state == 'present'
 
-- name: Ensure jenkins agent secret is persisted
+- name: Ensure jenkins secret is persisted
   ansible.builtin.copy:
     dest: "{{ jenkins_agent_secret_file }}"
     content: "{{ jenkins_agent_secret }}"
     mode: "0400"
-    owner: "{{ jenkins_agent_user_uid | default(jenkins_agent_user) }}"
-    group: "{{ jenkins_agent_user_gid | default(jenkins_agent_user) }}"
   when: jenkins_agent_state == 'present'
-  notify:
-    - jenkins_agent_restart
-
-- name: Ensure jenkins agent fake '/etc/passwd' is templated
-  ansible.builtin.template:
-    src: "docker-passwd.j2"
-    dest: "{{ jenkins_agent_passwd_shim_file }}"
-    mode: "0644"
-    owner: "root"
-    group: "root"
 
 - name: Ensure jenkins configuration is removed
   ansible.builtin.file:
@@ -44,15 +32,12 @@
   community.docker.docker_container:
     name: "{{ jenkins_agent_container_name }}"
     image: "{{ jenkins_agent_container_image }}"
-    env: "{{ jenkins_agent_container_all_env | default(omit, true) }}"
+    env: "{{ jenkins_agent_container_env | default(omit, true) }}"
     init: "{{ jenkins_agent_container_init | default(true, true) }}"
-    user: "{{ jenkins_agent_container_user | default(omit, true) }}"
     ports: "{{ jenkins_agent_container_ports | default(omit, true) }}"
     labels: "{{ jenkins_agent_container_labels | default(omit, true) }}"
-    volumes: "{{ jenkins_agent_container_all_volumes }}"
+    volumes: "{{ jenkins_agent_container_volumes }}"
     networks: "{{ jenkins_agent_container_networks | default(omit, true) }}"
     etc_hosts: "{{ jenkins_agent_container_etc_hosts | default(omit, true) }}"
     restart_policy: "{{ jenkins_agent_container_restart_policy }}"
     state: "{{ jenkins_agent_container_state }}"
-    comparisons:
-      "env": "strict"

roles/jenkins_inbound_agent/tasks/main.yml

@@ -3,14 +3,6 @@
   ansible.builtin.include_tasks:
     file: "check.yml"
 
-- name: Ensure jenkins-agent user '{{ jenkins_agent_user }}' is {{ jenkins_agent_state }}
-  ansible.builtin.user:
-    name: "{{ jenkins_agent_user }}"
-    state: "{{ jenkins_agent_state }}"
-    system: "{{ jenkins_agent_user_is_system }}"
-    create_home: "{{ jenkins_agent_user_create_home }}"
-  register: jenkins_agent_user_info
-
 - name: Ensure jenkins-agent '{{ jenkins_agent_name }}' is deployed using {{ jenkins_agent_deployment_method }}
   ansible.builtin.include_tasks:
     file: "deploy-{{ jenkins_agent_deployment_method }}.yml"

roles/jenkins_inbound_agent/templates/docker-passwd.j2

@@ -1,18 +0,0 @@
-root:x:0:0:root:/root:/bin/sh
-bin:x:1:1:bin:/bin:/sbin/nologin
-daemon:x:2:2:daemon:/sbin:/sbin/nologin
-lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
-sync:x:5:0:sync:/sbin:/bin/sync
-shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
-halt:x:7:0:halt:/sbin:/sbin/halt
-mail:x:8:12:mail:/var/mail:/sbin/nologin
-news:x:9:13:news:/usr/lib/news:/sbin/nologin
-uucp:x:10:14:uucp:/var/spool/uucppublic:/sbin/nologin
-cron:x:16:16:cron:/var/spool/cron:/sbin/nologin
-ftp:x:21:21::/var/lib/ftp:/sbin/nologin
-sshd:x:22:22:sshd:/dev/null:/sbin/nologin
-games:x:35:35:games:/usr/games:/sbin/nologin
-ntp:x:123:123:NTP:/var/empty:/sbin/nologin
-guest:x:405:100:guest:/dev/null:/sbin/nologin
-nobody:x:65534:65534:nobody:/:/sbin/nologin
-jenkins:x:1000:1000:Linux User,,,:/home/jenkins:/bin/sh